“..security breaches are still happening at an even more significant pace with more damaging results. In the end, many of these advanced intrusions and data security breaches are focused on taking over access to the accounts and permissions of specific “privileged” users in an organization who have access to sensitive data…”
“…These privileged users are specifically targeted by outside hackers because they have proverbial keys to the kingdom, but in some cases the inside user themselves is intent on stealing or doing damage…”
One solution that is emerging to this problem is to carefully monitor everything a privileged user does on the network (e.g. every keystroke and every mouse click), while also putting more granular limits on what they can do. Basically “trust but verify,” with the goal of detecting any anomalies in a privileged user’s computing usage (e.g. why is this person downloading the source code at 3 a.m.?). This kind of monitoring is not uncommon for privileged users in other jobs: the “Eye in the Sky” in the casinos in Las Vegas monitors the gamblers for cheating but also monitors the dealers, and at a bank the CCTV is looking not only for robbers but also for the teller slipping some money into their pocket.
The value of this new approach is illustrated by the fact that, immediately after its breach, the RSA division of EMC acquired private company Netwitness for a reported large premium. Netwitness is known for analyzing user activity at the network layer. In addition, the latest security vendor to file for an IPO, Imperva, has as its core solution the ability to monitor database access and usage by Database Administrators, another type of privileged user.